<?

	// Please do not forget to declare the variable $PathToRoot before including this
	// file. If you do not do so it will assume that you are in the root directory

	// If the file can be accessed only by the admin you need to include the following
	// line before you include this file
	// $RequiresAdmin = true;

	require_once $PathToRoot . 'connect.php';
	require_once 'log.php';
	require_once $PathToRoot . "time.php";

	$connect = @mysql_connect ($hostname, $username, $password);
	if (!$connect) {
		LogScriptAccess (False, "No DB Connection.");
		header ("Location: " . "NotAuthorized.php?reason=0");
		Exit;
	}
	mysql_select_db ($dbase, $connect);
	mysql_query ('SET CHARACTER SET cp1251', $connect);
	$FOUserName = to_db ($_COOKIE['Name']);
	$sql = "SELECT SessionCode,LastIP,LastVisit, Admin FROM " . $UserTable . " WHERE Name='" . $FOUserName . "'";
	$result = @mysql_query($sql, $connect);
	if (!$result) {
		mysql_close ($connect);
		LogScriptAccess (False, "Error in the user request query.");
		header ("Location: NotAuthorized.php?reason=1");
		Exit;
	}

	$rows = @mysql_num_rows($result);
	if (!$rows || $rows < 1) {
		mysql_close ($connect);
		LogScriptAccess (False, "Incorrect username.");
		header ("Location: NotAuthorized.php?reason=2");
		Exit;
	}

	$row = @mysql_fetch_array ($result, $connect);
	if ($row ["SessionCode"] !== $_COOKIE ["admin_session_code"]) {
		mysql_close ($connect);
		LogScriptAccess (False, "Unmatching session code.");
		header ("Location: NotAuthorized.php?reason=3");
		Exit;
	}

	$BaseTime = SubHours (date ("Y-m-d G:i:s"), 3);
	$AdminLevel = $row ["Admin"];
	if ($LevelsAllowed != False && $LevelsAllowed != '') {
		if (!in_array ($AdminLevel, $LevelsAllowed)) {
			LogScriptAccess (False, "Unauthorized acces to an admin page.");
			header ("Location: NotAuthorized.php?reason=8");
			Exit;
		}
	}
	LogScriptAccess (True, "");
?>